- Notes, cautions, and warnings
- Introduction to this guide
- Overview of HDFS with OneFS
- Configuring OneFS with HDFS
- Activate the HDFS license
- Configuring the HDFS service
- HDFS service settings overview
- Enable or disable the HDFS service globally (Web UI)
- Enable or disable the HDFS service per-access zone (Web UI)
- Enable or disable the HDFS service globally (CLI)
- Enable or disable the HDFS service per-access zone (CLI)
- Configure HDFS service settings (Web UI)
- Configure HDFS service settings (CLI)
- View HDFS settings (Web UI)
- View HDFS settings (CLI)
- Modify HDFS log levels (CLI)
- View HDFS log levels (CLI)
- Set the HDFS root directory (Web UI)
- Set the HDFS root directory (CLI)
- Configuring HDFS authentication methods
- Creating a local Hadoop user
- Enabling the WebHDFS REST API
- Configuring secure impersonation
- Configuring virtual HDFS racks
- Configuring HDFS wire encryption
- Configuring HDFS transparent data encryption
- Additional resources
PowerScale OneFS HDFS Configuration Guide
Configure Kerberos authentication for Hadoop clients (CLI)
If you want Hadoop compute clients running Hadoop 2.2 and later to connect to an access zone through Kerberos, you must modify the core-site.xml and hdfs-site.xml files on the Hadoop clients.
Kerberos must be set as the HDFS authentication method in the access zone and a Kerberos authentication provider must be configured and assigned to the access zone.
Note that if you are changing the core-site.xml and hdfs-site.xml files directly with an editor per the instructions below, this will work, but those changes will likely be overwritten. This is because these two configuration files are frequently overwritten by the Ambari or Cloudera Navigator user interfaces. Therefore, if you are managing the cluster with Ambari or Cloudera Navigator, we recommend that you use their respective user interfaces to make any configuration changes.
- Go to the $HADOOP_CONF directory on your Hadoop client.
- Open the core-site.xml file in a text editor.
-
Set the value of the hadoop.security.token.service.use_ip property to
false as shown in the following example:
<property> <name>hadoop.security.token.service.use_ip</name> <value>false</value> </property>
- Save and close the core-site.xml file.
- Open the hdfs-site.xml file in a text editor.
-
Set the value of the dfs.namenode.kerberos.principal.pattern property to the Kerberos realm configured in the Kerberos authentication provider as shown in the following example:
<property> <name>dfs.namenode.kerberos.principal.pattern</name> <value>hdfs/*@storage.company.com</value> </property>
- Save and close the hdfs-site.xml file.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\